CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53070 – usb: dwc3: fix fault at system suspend if device was already runtime suspended
https://notcve.org/view.php?id=CVE-2024-53070
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top. • https://git.kernel.org/stable/c/073530898ebf44a9418434e899cfa9ca86945333 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53068 – firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
https://notcve.org/view.php?id=CVE-2024-53068
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free. | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1 ... • https://git.kernel.org/stable/c/ee7a9c9f67c59008b330deff2762bd8cf1407eec •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53066 – nfs: Fix KMSAN warning in decode_getfattr_attrs()
https://notcve.org/view.php?id=CVE-2024-53066
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_generic+0x... • https://git.kernel.org/stable/c/88034c3d88c2c48b215f2cc5eb22e564aa817f9c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53063 – media: dvbdev: prevent the risk of out of memory access
https://notcve.org/view.php?id=CVE-2024-53063
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already... • https://git.kernel.org/stable/c/5dd3f3071070f5a306bdf8d474c80062f5691cba •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53061 – media: s5p-jpeg: prevent buffer overflows
https://notcve.org/view.php?id=CVE-2024-53061
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment. • https://git.kernel.org/stable/c/6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53060 – drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
https://notcve.org/view.php?id=CVE-2024-53060
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null ... • https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53059 – wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
https://notcve.org/view.php?id=CVE-2024-53059
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer. • https://git.kernel.org/stable/c/f130bb75d8817c560b48c4d1a0e5279968a0859d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53058 – net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data
https://notcve.org/view.php?id=CVE-2024-53058
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be transmitted on a certain platform that the DMA AXI address width is configured to 40-bit/48-bit, or the size of the non-paged data is bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI address width is configured to 32-bit, then this SKB requires at least two DMA tra... • https://git.kernel.org/stable/c/f748be531d7012c456b97f66091d86b3675c5fef •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53057 – net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
https://notcve.org/view.php?id=CVE-2024-53057
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over t... • https://git.kernel.org/stable/c/066a3b5b2346febf9a655b444567b7138e3bb939 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53056 – drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()
https://notcve.org/view.php?id=CVE-2024-53056
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create(). During the cleanup, we need to check if the "mtk_crtc->cmdq_client.chan" is NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_... • https://git.kernel.org/stable/c/7627122fd1c06800a1fe624e9fb3c269796115e8 •